URL: https://www.phoronix.com/news/X.Org-9-Vulnerabilities-AI

X.Org Server Starts June With Nine New Security Vulnerabilities Discovered Via AI

Written by Michael Larabel in X.Org on 1 June 2026 at 08:34 PM EDT.

There are nine new security vulnerabilities impacting the X.Org Server as well as the XWayland component. Yep, more than a decade after X.Org Server security issues began coming to light, with a security researcher acknowledging it's a disaster and "it's worse than it looks", that continues to hold true.

These latest security vulnerabilities were uncovered using AI, in particular by Trend Micro's TrendAI Zero Day Initiative. TrendAI found eight of the nine vulnerabilities made public today, with longtime X.Org input developer Peter Hutterer of Red Hat discovering the ninth.

The latest X.Org Server codebase vulnerabilities include:
* Font Alias Stack-based Buffer Overflow
* XSYNC Use-After-Free in miSyncDestroyFence()
* XKB Key Types Stack-based Buffer Overflow
* XKB SetMap Request Stack-based Buffer Overflow
* XSYNC Use-After-Free in FreeCounter()
* XSYNC Use-After-Free in SyncChangeCounter()
* GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write
* CreateSaverWindow Use-After-Free Information Disclosure
* DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write

More details on today's security disclosures are available via the xorg-announce list. In turn, xorg-server 21.1.23 and xwayland 24.1.12 are being released tonight to address these latest security issues. With the growing use of AI/LLMs for security research, it will be interesting to see how many more issues are uncovered this summer in the X.Org Server codebase, considering the brisk pace of security issues also cropping up in the Linux kernel.
